Using new malware known as USBCulprit, Cycldek is able to bridge air-gapped networks. However, a human element is most likely involved in deploying the malware.
Also known as Goblin Panda and Conimes, this threat actor was first discovered in 2013 and primarily focuses on conducting cyberespionage campaigns against high-profile targets in Southeast Asia, including large organizations and government entities. Since 2018, the group has primarily spread its malicious payload via phishing emails containing a politically themed RTF document. Cycldek uses a wide toolset consisting of several proprietary tools, including the malware known as USBCulprit, which allows it to infect air-gapped devices.